Another vote for authy/google authenticator support. Since paypal and ebay have abandoned vip access, nothing else I use needs it. Authy is nice becase you don't have to set everything up again every time you get a new phone.

I'd also really like support for other time based one time password (TOTP) applications besides VeriSign. I use 1Password, but any service like Authy or Google Authenticator are essentially the same. I have all my other TOPT tokens stored in 1Password — USAA is the only site I frequent that requires the use of VeriSign.

Today, I disabled 2FA on USAA because it's very inconvenient to use this one other 2FA app just for this one site. Also, I am unable to connect my budgeting app, YNAB, to USAA when 2FA is enabled (this was brought up in another post in the forum). Again, every other site I use with 2FA, e.g., Twitter, GitHub, Dropbox, AWS (which many banks run on), etc., supports TOPT via third party apps. USAA is the only one that does not.

Based on some cursory research, USAA appears to still be ahead of other banks that only offer SMS based 2FA, which is actually worse than no 2FA and really should not be offered as on option. So while USAA is leading the pack, I'd love it if you pulled even further ahead and were the first bank to support third party TOTP apps.

For the technically-inclined: One can generate a Symantec VIP Access token using Dan Lenski's fork of cyrozap's python-vipacces, a free and open source software implementation of Symantec's VIP Access client. The credential type needed for USAA is "VIP Access Mobile (no TrustZone)," for which the applicable prefix is "SYMC." I am using a token generated via this method with Duo Mobile on Android to authenticate to USAA's site. Duo Mobile holds tokens for a variety of uses, and I no longer need the VIP Access application.